secstore (and secstored) is the conventional answer there. It typically runs on your auth server, and factotum will connect to it when it starts, to load your keys. Things are encrypted on disk, and you only need the secstore password. The ‘feedkeys’ script demonstrates how to do it manually, after factum is already running, in case you can’t reach your auth server when factotum starts (or if you don’t have a stable office server). In some sense the simplest answer is to just encrypt the file you are already using on disk, probably using aescbc. But, personally, I would set up secstore anyway; it is more convenient for factum, and it is nice to have an easy way to save other encrypted things, too. Just run it at boot time and use ‘feedkeys’ or something similar to populate factotum after. On Dec 20, 2024, at 11:46, Clay Ayers - thedaemon via 9fans <9fans@9fans.net> wrote:
|
- Re: [9fans] examples for setting up secst... sirjofri
- Re: [9fans] examples for setting up ... Ron Minnich
- Re: [9fans] examples for setting... Ron Minnich
- Re: [9fans] examples for set... hiro
- Re: [9fans] examples for... sirjofri
- Re: [9fans] examples for... Frank D. Engel, Jr.
- Re: [9fans] example... Ron Minnich
- Re: [9fans] example... a
- Re: [9fans] example... Charles Forsyth
- Re: [9fans] example... Clay Ayers - thedaemon via 9fans
- Re: [9fans] example... Anthony Sorace
- Re: [9fans] example... Charles Forsyth
- Re: [9fans] examples for... Lyndon Nerenberg (VE7TFX/VE6BBM)
- Re: [9fans] example... Lyndon Nerenberg (VE7TFX/VE6BBM)
